[Samba] More on bind_dlz - documentation I have not found
Robert Moskowitz
rgm at htt-consult.com
Fri Aug 28 13:55:41 UTC 2015
On 08/28/2015 09:37 AM, Rowland Penny wrote:
> On 28/08/15 14:13, Robert Moskowitz wrote:
>>
>>
>>>
>>>> I have not yet checked any ldap documentation on the wiki to see
>>>> what it says, but I suspect a dhcp lease results in an ldap update.
>>>> Would a lease expire remove that ldap info?
>
> It should do, if dhcp is set up correctly.
We will be getting to this shortly!
>
>>>>
>>
>> Do you mean /var/lib/samba/private/sam.ldb.d? That is where I am
>> finding files of interest. I do not have the directory you provided.
>
> Yes
>
>>
>> And what is the difference between:
>>
>> /usr/share/samba/setup
>
> This stores samba docs used to install samba (or something like this)
So I need to do the includes into /etc/named.conf from there.
>
>> and
>> /var/lib/private
>
> This is where your databases etc are placed
>
>>
>> I see named.conf in both. And the setup has other named.* files.
>>
>> But the zone htt. is NOT in there, nor would I expect it to be.
>> normally MOST people use samba.mydomain.com and mydomain.com is found
>> via the forwarding. Of course there is no proper delegation of
>> samba.mydomain.com so other systems cannot resolve that subdomain.
>> Here I am building my own TLD, and want proper access elsewhere in my
>> internal network, thus the htt.zone file needed.
>>
>> BTW, I do not see you using views in your named include files. From
>> what I got beaten up long ago on the DNS list (Mark Andrews and I go
>> back a long way in the IETF, so it is 'all in fun') that you MUST use
>> views.
>>
>
> I personally don't use views and I don't think you really need them in
> a samba domain
Mark is a bit of a purist; it IS much his code. And he pretty much
thinks in C.
>
> OK, to see the AD object for your forward zone, install ldb-tools, you
> do this with 'apt-get install ldb-tools' on debian
> Then run this command: ldbsearch -H /var/lib/samba/private/sam.ldb
> --cross-ncs "(DC=home.htt)"
yum install ldb-tools
Loaded plugins: fastestmirror
Shivaserv-sernet | 2.9 kB 00:00
c7buildroot | 2.9 kB 00:00
c7pass1 | 2.9 kB 00:00
comps | 3.6 kB 00:00
epel | 4.3 kB 00:00
(1/2): epel/updateinfo | 344 kB 00:01
(2/2): epel/primary_db | 3.5 MB 00:04
Loading mirror speeds from cached hostfile
Package ldb-tools-1.1.17-2.el7.armv7hl is obsoleted by 99:sernet-samba-ad-4.2.3-18.el.armv7hl which is already installed

So it is already there thanks to sernet.

# ldbsearch -H /var/lib/samba/private/sam.ldb --cross-ncs "(DC=home.htt)"
# record 1
dn: DC=home.htt,CN=MicrosoftDNS,DC=DomainDnsZones,DC=home,DC=htt
objectClass: top
objectClass: dnsZone
instanceType: 4
whenCreated: 20150827220723.0Z
whenChanged: 20150827220723.0Z
uSNCreated: 3656
uSNChanged: 3656
showInAdvancedViewOnly: TRUE
name: home.htt
objectGUID: 34b4ec5b-bfd2-42e0-96df-c5b12a512725
objectCategory: CN=Dns-Zone,CN=Schema,CN=Configuration,DC=home,DC=htt
dNSProperty:: BAAAAAAAAAAAAAAAAQAAAAEAAAABAAAAAAAAAA==
dNSProperty:: AQAAAAAAAAAAAAAAAQAAAAIAAAACAAAAAA==
dNSProperty:: CAAAAAAAAAAAAAAAAQAAAAgAAAAAAAAAAAAAAAAAAAA=
dNSProperty:: BAAAAAAAAAAAAAAAAQAAABAAAACoAAAAAAAAAA==
dNSProperty:: BAAAAAAAAAAAAAAAAQAAACAAAACoAAAAAAAAAA==
dNSProperty:: BAAAAAAAAAAAAAAAAQAAAEAAAAAAAAAAAAAAAA==
dNSProperty:: BAAAAAAAAAAAAAAAAQAAABIAAAAAAAAAAAAAAA==
dc: home.htt
distinguishedName: DC=home.htt,CN=MicrosoftDNS,DC=DomainDnsZones,DC=home,DC=htt
# returned 1 records
# 1 entries
# 0 referrals
>
>>
>> Not for the samba zone, but yes for other zones.
>
> You should really just use the samba DNS server (either the builtin
> one or bind) for the samba zones, but I suppose you could add
> other zones, just create them with samba-tool.
So I tried:

# samba-tool dns zonelist localhost
Failed to connect host 127.0.0.1 on port 135 - NT_STATUS_CONNECTION_REFUSED
Failed to connect host 127.0.0.1 (127.0.0.1) on port 135 - NT_STATUS_CONNECTION_REFUSED.
ERROR(runtime): uncaught exception - (-1073741258, 'The connection was refused')
  File "/usr/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/samba/netcmd/dns.py", line 809, in run
    dns_conn = dns_connect(server, self.lp, self.creds)
  File "/usr/lib/python2.7/site-packages/samba/netcmd/dns.py", line 40, in dns_connect
    dns_conn = dnsserver.dnsserver(binding_str, lp, creds)

I THINK I have the services running...